OFFICERS

AND DIRECTORS

2005-2006

PRESIDENT Patricia A. Earl-Cole, CISA, CIA Lafarge North America (248) 447-2600 VICE PRESIDENT Brenda L. Karl, CISA Horn Murdock Cole (248) 633-2424

TREASURER Jamshid Sadaghiyani, CISA, CPA PricewaterhouseCoopers LLP (313) 394-6567

SECRETARY Michael A. Forrest, CISA Jefferson Wells (248) 226-1269

DIRECTORS

Arthur Abruzzo, CISA, CDP, CSP Amerisure Companies (248) 426-7944

Edward R. Barszcz, CIA, CFE Consultant (313) 278-3915

Paul L. Haley, CISA DTE Energy (313) 235-9244

Brandy A. Hanna, CISA, CPA Federal-Mogul Corporation (248) 354-2602

Donald K. Ledwith, CISA, CISSP, CSP Cindrich Mahalak & Company (586) 296-1155 ex. 241

John W. McCormick, CISA, CIA Horn Murdock Cole (248) 471-3075

John L. Quaine II, CISA, CPA, CIA Blue Cross Blue Shield of MI (313) 225-7663

Carrie Schrader, CISA, CBM, CFE KPMG LLP (313) 230-3222

Andrea M. Stromar, CISA

Jason A. Thompson Ford Motor Company (313) 598-3788

Douglas S. Wahr, CISA, CISSP The Auto Club Group (313) 436-7277

James M. Watson, CISA, CIA Ford Motor Company (313) 594-0609

Karine F. Wegrzynowicz, CISA, CIA Lafarge North America (248) 447-4726

Susan A. Yamin, CPA Comerica Inc. (313) 222-7730

Robert V. Yanik, CISA Blue Cross Blue Shield of MI (313) 225-7345

VOLUME 20, #8 REGION 2, CHAPTER 8 APRIL, 2006

Monthly Meeting

Wednesday, April 19, 2006

Member Madness Month

Pre-Dinner Topic: “Disaster Recovery and Business Continuity” James C. Hanlon Jr., CISSP, President & CEO, JC HanlonConsulting, Inc.

After-Dinner Topic: “Disaster Recovery and Business Continuity” James C. Hanlon Jr., CISSP, President & CEO, JC HanlonConsulting, Inc.

Date: Wednesday, April 19, 2006

Time: 4:30-5:00 Registration/Networking 5:00-6:00 Before-Dinner Presentation 6:00-7:00 Dinner 7:00-8:00 After-Dinner Presentation

Location: Tapestry (See map and directions on page 11) 24580 Evergreen Southfield, Michigan 48075 (248) 356-5602

Cost: $25.00 Members (For April only, a member may sign up at the member rate and bring a guest free. This does not apply to members who have a certificate for a

‘free’ evening) $35.00 Non-Members (For April only, a member may sign up at the non-member rate and bring a guest free. This does not apply to non-members who have a certificate for a ‘free’ evening) $10.00 Students and Retirees

Reservations will be taken by Suzanne McCormick. Please make reservations by NOON on Friday, April 14. You can make your reservation online at isaca-det.org or e-mail your reservation to Suzanne McCormick at jsmccor65@aol.com. If you do not have access to the Internet, call Suzanne at (248) 471-3075. Please include your name, certification, company, telephone number, and whether you are a Member, Non-member, Student or Retiree. All e-mail reservations will receive a personal confirmation that the reservation was received. Walk-ins are welcome.

Visit our web site at: isaca-det.org

DATABYTE

DATABYTE

_xààxÜ yÜÉÅ à{x cÜxá|wxÇà Dear Members, This year is passing by us quickly, and I am amazed at our meeting growth approaching our April meeting. I want to thank Paul Williams, Grey Hat Research Corporation, for an outstanding meeting. Although I wasn’t able to attend the meeting, I have heard nothing but wonderful feedback from those that were there. Our joint training conference with the IIA was once again a success, and I want to thank our Joint Seminars Committee, sponsors and vendors for that experience. It has been our goal this year to serve our membership and help foster your professional growth knowledge. We have been able to achieve that with an added training session this year during last August, as well as some sponsored events during the year for the meetings themselves. Once again we are going to sponsor a Member madness meeting for our April meeting. It will be the same format as the October meeting where there is one paid person and a guest can attend for free. Non-members will be at the non-member rate with a guest for free, and members will be at the member rate with a guest for free. We look forward to your participation in our activities this year as well as our motivation to bring you a professional program that will foster growth in your IT audit career. Our board has a collective goal to serve you our membership, and we are honored to carry out that responsibility. This year we have worked hard to bring our chapter many new ideas and different types of programs. I hope that these ideas and programs have helped improve your continuing education insight. If you have more thoughts, ideas for us, or you feel that we are falling short of our goals, please contact me at Patricia.Earl-Cole@lafarge-na.com. I wish to round out our year with the board with your input, and enhance your membership with ISACA as Membership Chair. Page 2

Please remember that the May meeting is our last meeting of the year, and we have some wonderful things planned for that meeting as well. I welcome any questions that you may have, and please feel free to contact me at Patricia.Earl-Cole@lafarge-na.com . Patti Earl-Cole, CISA, CIA President Detroit Chapter ISACA

THIINK SPRING

DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

ADVERTISE IN THE

DETROIT CHAPTER DATABYTE ¼ PAGE AD - $25 ½ PAGE AD - $50

FULL PAGE AD - $100 SEND YOUR AD TO THE

FOLLOWING SUZANNE McCORMICK JSMCCOR65@AOL.COM

OR 248-471-3075

DATABYTE

SPEAKER INFORMATION

James C. Hanlon Jr., CISSP President and CEO

JC Hanlon Consulting, Inc. Jim's career has spanned over 31 years in various management roles within the Security, IT, Education, Healthcare, and Automotive industries. Jim left his position with a Tier 1 automotive supplier to develop a premier Business Continuity/Disaster Recovery, Security, and IT consulting and services firm. JCHanlon Consulting boasts IT Architects, Legal, Internal Audit, Security Officers, and BCP/DR Planners, from Fortune 150 and other mid to small sized businesses. Jim’s goal is to help organizations find responsible solutions for their compliance and other business needs. Jim had served in eighteen countries on four continents while developing and managing; information security, training, DR, and IT project groups along with national & global support centers for various organizations. Career highlights have included:

• Developed the first commercial 24x7, network incident response teams in the Detroit Metropolitan Area in 1987

• Responsible for the development and management of business continuity/disaster recovery plans for 200+ manufacturing plants, financial, and IT Services organizations

• Developed enterprise security policies, standards, and procedures

• Creation of physical security steering committees • Developed response plans for C-TPAT, SOX, FFIEC,

NCUA, and HIPAA compliance • Developed and managed international project

management and IT engineering teams • Awards by NATTS/CCA for development of

nationally recognized adult education model • Held a Top Secret security clearance while serving in

the US Air Force Affiliations:

• Board Member DDSEC (Downtown Detroit Security Executive Council) and GLBRG (Great Lakes Business Recovery Group)

• Secure Member FBI - Infragard Michigan and Pennsylvania and NCORP – the USCG National Council on Readiness and Preparedness

• Member ISACA, ISSA (Information Systems Security Association), HTCIA (High Technology Crime Investigation Association), AIAG (Automotive Industry Action Group), ASIS

Page 3

PRE-DINNER and AFTER- DINNER INFORMATION

“Disaster Recovery and Business Continuity”

At a time when we have experienced unprecedented issues that should drive home the message that organizations need to develop or improve their Business Continuity and Disaster Recovery programs, we find BCP&DR practitioners struggling to gain the momentum they need to get their programs to a level of being integrated into the business culture. We will explore some of the challenges as well as some new ideas and methods to aid in this effort.

Shown above with our Program Chair, Paul Haley, was the popular March pre-dinner and after-dinner speaker, Paul Williams from the Gray Hat Research Corporation Show below is Paul William

DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

YEAR AT A GLANCE

April 5, 2006 Final Registration Deadline for the June 2006 CISA and CISM Exams April 14, 2006 Reservations due by noon for the April 19 ISACA dinner meeting April 19, 2006 Deadline for articles, information and advertisement for the May issue of the Databyte April 19, 2006 Chapter Meeting – Tapestry James C. Hanlon Jr., CISSP, President & CEO, JC Hanlon Consulting Inc. “Disaster Recovery and Business Continuity” May 12, 2006 Reservations due by noon for the May 17 ISACA dinner meeting May 17, 2006 Chapter Meeting – Tapestry Kim Winnik, Blue Cross Blue Shield of Michigan “Ethics” Derrick Buckingham, CISA, CISSP, CISM, Blue Cross Blue Shield of Michigan “Security Risk Assessment” June 10, 2006 Summer 2006 CISA and CISM Exams

Page 4

Information Systems Compliance Specialist at Federal-Mogul

You will be responsible for coordinating Federal-Mogul's Sarbanes-Oxley Section 404 and 302 Information Systems compliance efforts specifically around financial statement processes for SAP and other legacy systems. You will be required to manage large and diverse teams of stakeholders within and outside of Information Systems including Finance, Internal Audit, ethics and compliance. You will be integral to our sustaining activities and a change agent whom will drive new efficiencies and re-engineer internal control processes and practices. Prior experience developing audit plans, testing controls, and working with Sarbanes-Oxley are desirable as well as superior communications skills, business process management, issue management and leadership skills. Job Requirements: To be successful in this position, you must possess:

- Strong background in accounting, controls assessment, and process improvement - 5-7 years of Information Technology experience is required - 2-5 years of Information Technology Audit experience is preferred (specifically IT General Controls and

Application Reviews) - in Public Accounting and/or Internal Audit - Well developed knowledge of COBiT and COSO - SAP or ERP Experience preferred - Sarbanes-Oxley Experience - BS in Financial/Accounting Information Systems, Accounting, or Management Information Systems is

required - CISA and/or CIA certification a plus

Federal-Mogul Corporation is a leading global supplier offering a comprehensive portfolio of quality products, trusted brands and creative solutions to the automotive and other industries. The Company utilizes its engineering and materials expertise, proprietary and innovative technology, manufacturing skill, distribution flexibility and marketing power to create value for its stakeholders. The Company's principal customers include many of the world's foremost original equipment manufacturers of vehicles and industrial products, aftermarket retailers and wholesalers. Headquartered in Southfield, Michigan, Federal-Mogul's rich heritage began in Detroit, Michigan in 1899. Today, Federal-Mogul employs more than 45,000 people in 29 countries. Interested, qualified candidates are encouraged to submit a resume to on Federal-Mogul.com by clicking on the "Careers" link.

DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

New Detroit Chapter Members

Pulsi Jason Alexander Sumeer Dosanjh Nathanael J. Ross Samantha Balinski Christine M. Filary Thomas Schneider

Krysta Bartnick Edward M. Flanagan Sam Shim Thomas C. Bartol Mahendran Govinda David Soubly Brooke L. Bauer John Heymes Sily Sudhir

Todd J. Bauer Bheshaj K. Krishnappa Kurt M. Weirich Spiros Borotis John F. Mbaga Charles Williams

Sean M. Cassady Adam F. Mbaga Lily B. Yeoh Yogesh Chavarkar Indira Nandyal Mujee Yoosufani

Sarah Cook Alvin B. Riddle

Recent ISACA Certifications CISA Certification

Aubrey L. Blakely Rocklin C. Dunlap Jason A. Thompson Rick E. Bober Donna Kischuk Bruce A. Wilson

Gregory D. Boehmer John Pilch

The Following People Passed the CISA CISM Exam Given in December of 2005

CISA Exam

John S. Gilmour Julia O’Neill

William L. Wayland

CISM Exam

Greg J. Avesian Mark S. Henry Philip Schuster Timothy R. Hellebuyck Abhishek R. Narula Kasi S. Viswanathan

Peter J. Reuter

The people who passed the CISA or CISM Exam in December of 2005 will be receiving certificates for a free May17, 2006 ISACA meeting and dinner. If you passed the exams and your name was not in the above list, you may have marked the box indicating that HQ was not to release the results to the local chapter.

Shown at left with our Program Chair, Paul Haley, is the February pre-dinner speaker, Charles T. Oxender.

Page 5

DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

ARE YOU MISSING OUT On the benefits of Certification?

Register now for the June 10 Exam Deadline for Registration for June 10 Exam is April 5, 2006

FREE CISA – CISM Exam Review Class The Detroit Chapter is once again proud to present an exam review class for those registered or considering to take the either the CISA or CISM exam. Both classes will be held at the Blue Cross Blue Shield facility in Southfield, Michigan in separate rooms. See the schedule below. There is no charge for the class, but the review manual from ISCA International is recommended. Books and study aids can be ordered online from the ISACA bookstore for the CISA or CISM. Please register via the website www.isaca-det.org, or e-mail your registration to Mike Forrest at michael.forrest@jeffersonwells.com.

You will receive directions to BCBSM facility and a class schedule via e-mail in April.

CISA & CISM Exam Review Class Schedule: Saturday, April 29, 2005 8:00 a.m. to 5:00 p.m. Thursday, May 4, 2006 6:00 p.m. to 9:00 p.m. Thursday, May 11, 2006 6:00 p.m. to 9:00 p.m. Thursday, May 18, 2006 6:00 p.m. to 9:00 p.m. Thursday, May 25, 2006 6:00 p.m. to 9:00 p.m.

Remember, the CISA Exam content has changed for 2006 based on ISACA’s job practice study. The content areas for the June 2006 examination are:

• IS Audit Process – 10% Provide IS audit services in accordance with IS audit standards, guidelines, and best practices to assist the organization in ensuring that its information technology and business systems are protected and controlled.

• IT Governance – 15% To provide assurance that the organization has the structure, policies, accountability, mechanisms, and monitoring practices in place to achieve the requirements of corporate governance of IT.

• Systems and Infrastructure Lifecycle – 16% To provide assurance that the management practices for the development/acquisition, testing, implementation, maintenance, and disposal of systems and infrastructure will meet the organization’s objectives .

Information Continued on Page 7 Page 6

DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

Exam Information Continued From Page 6

• IT Service Delivery and Support – 14%

To provide assurance that the IT service management practices will ensure the delivery of the level of services required to meet the organization’s objectives.

• Protection of Information Assets – 31% To provide assurance that the security architecture (policies, standards, procedures, and controls) ensures the confidentiality, integrity, and availability of information assets.

• Business Continuity and Disaster Recovery – 14% To provide assurance that in the event of a disruption the business continuity and disaster recovery processes will ensure the timely resumption of IT services while minimizing the business impact.

Register via the website www.isaca-det.org, or e-mail your registration to Mike Forrest at michael.forrest@jeffersonwells.com. Registration: Name: E-mail address: Day Time Phone No. Employed by: Registered for the CISA ______ CISAM______

Need CPEs For Your Certification? Exam Writer’s Program Program Objectives In order to continue to offer an examination that measures a candidate’s knowledge of current audit, security and control practices, new questions are regularly required for the CISA and CISM Examinations. The CISA/CISM Item Writer Program was designed to have professionals in the field of IS audit, control and / or security write questions for the CISA/CISM Exam Pools. Questions are sought from experienced practitioners who can develop items that relate to the application of sound audit principles and practices. Continuing education hours and cash payments are offered as incentive to question writers. How You Can Participate In This Important Program If you are interested in participating in the CISA Item Writer Program, please contact the Certification Department at ISACA International:

Phone: 847.590.7471 Email: cisa@isaca.org or cism@isaca.org

Page 7

DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

Page 8

DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

At the March Student Night meeting, students attended form Eastern Michigan University, Oakland University, Wayne State University and the University of Detroit Mercy.

Page 9

DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

Shown on the left with Paul Haley and Dr. D. Robert Okopny are the March Student Scholarship winners, Marijana Adzic and Ben Abbott.

Page 10

DATABYTE DETROIT CHAPTER ISACA – YOUR ‘YEAR-ROUND’ PARTNER FOR PROFESSIONAL GROWTH

TAPESTRY 24580 Evergreen

Southfield, Michigan 48075 (248) 722-1547

Tapestry is located near major freeways. It is ¼ mile from Highway 10 (the Lodge) and just 1 mile south of I-696 on Evergreen. Tapestry is south of the Speedway Gas station that is located on the SE corner of the Lodge and Evergreen. Tapestry is on the East side of Evergreen Road and is a single story dark beige building. (It was previously a Bill Knapp’s restaurant)

From the Troy Area: Take I-75 South to 696 West. Take 696 West to Exit #11 Evergreen Road. Turn left onto Evergreen Road. Tapestry is just over a mile (1.1) on the left hand side (East side) of Evergreen.

From Detroit: Take The John C. Lodge MI-10 North out of Detroit. Take the Lodge North until the Ten (10) Mile Evergreen Road Exit. Turn left onto Evergreen Road. Evergreen is the first major intersection off of the Lodge. Tapestry Restaurant is only a tenth of a mile on Evergreen on the left hand side (East side).

From Farmington/Novi Area: Take 696 East (Walter P. Reuther) to the John C. Lodge MI 10 South. Follow the John C. Lodge MI 10 for 2 ½ miles to the Evergreen Ten (10) Mile Road Exit. Follow the service drive to Evergreen Road (past 10 Mile Road) and turn Right. Tapestry is less than a tenth of a mile on Evergreen on the left hand side (East side).

From Dearborn/South/Southwest Area: Go to Telegraph Road. Take Telegraph North to Nine (9) Mile Road. Turn right onto Nine Mile to go East. Take Nine Mile for approximately 2 Miles to Evergreen and turn left. Take Evergreen North less than a mile and Tapestry is on your right (East) before 10 Mile Road.

Page 11

696

39

10

Evergreen Road

Southfield Road

Lahser Road

Berg R

oad

Telegraph Road

24

John C. Lodge Freeway

11 Mile road

10 Mile road

9 Mile road

Tapestry24580 Evergreen

Southfield, Mi 48075

Northwestern Highway

DINNER BUFFET

FIELD GREENS with Mandarin Oranges & Raspberry Vinaigrette SLICED SIRLOIN with Red Wine Reduction and Crispy Onions BREAST OF CHICKEN with Apples and Whole-grain Mustarg SWEET CORN with Peppers and Onions GRALIC MASHED YUKON GOLD POTATOES VANILLA ICE CREAM with Chocolate Sauce OPEN BAR BEER AND WINE ONLY NO OTHER LIQUOR AVAILABLE

(VEGETARIAN PLATE AVAILABLE BY PRE-REGISTRATION ONLY)

DATABYTE

SUZANNE McCORMICK, EDITOR 30032 FINK AVENUE FARMINGTON HILLS, MI 48336 (248) 471-3075 Jsmccor65@aol.com

April 5, 2006 Final Registration Deadline for the June 2006 CISA and CISM Exams April 14, 2006 Reservations due by noon for the April 19 ISACA dinner meeting April 19, 2006 Deadline for articles, information and advertisement for the May issue of the Databyte April 19, 2006 Chapter Meeting – Tapestry James C. Hanlon Jr., CISSP, President & CEO, JC Hanlon Consulting Inc. “Disaster Recovery and Business Continuity”

The Month At A Glance

Menu – April 19, 2006 The Chapter must provide the number of reservations by NOON on the Friday before the meeting. To ensure that we can accommodate those who wish to attend and the facility can provide the best service possible, please make your reservations early. If you have made a reservation and cannot attend, please call Suzanne McCormick at (248) 471-3075. Your cooperation is greatly appreciated.

MARCH DRAWING WINNERSRick Kugel

Srinivas MysoreMike Stolarczyk

Michael Yaskanin